CVE-2007-1558 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1558
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1558

Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-520-1 http://www.ubuntu.com/usn/usn-469-1 TRUSTIX http://www.trustix.org/errata/2007/0024/ http://www.trustix.org/errata/2007/0019/ SUSE http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.novell.com/linux/security/advisories/2007_36_mozilla.html ST 1018008 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SGI SAID Secunia Advisory: SA25858 Secunia Advisory: SA26415 Secunia Advisory: SA26083 Secunia Advisory: SA25894 Secunia Advisory: SA25798 Secunia Advisory: SA25750 Secunia Advisory: SA25664 Secunia Advisory: SA25534 Secunia Advisory: SA25559 Secunia Advisory: SA25496 Secunia Advisory: SA25546 Secunia Advisory: SA25529 Secunia Advisory: SA25476 Secunia Advisory: SA25402 Secunia Advisory: SA25353 Secunia Advisory: SA35699 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.redhat.com/support/errata/RHSA-2007-0386.html http://www.redhat.com/support/errata/RHSA-2007-0385.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.redhat.com/support/errata/RHSA-2007-0344.html http://www.redhat.com/support/errata/RHSA-2007-0353.html MLIST http://www.openwall.com/lists/oss-security/2009/08/18/1 http://www.openwall.com/lists/oss-security/2009/08/15/1 http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 GENTOO http://security.gentoo.org/glsa/glsa-200706-06.xml DEBIAN http://www.debian.org/security/2007/dsa-1300 http://www.debian.org/security/2007/dsa-1305 CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt http://sourceforge.net/forum/forum.php?forum_id=683706 http://sylpheed.sraoss.jp/en/news.html http://www.claws-mail.org/news.php http://www.mozilla.org/security/announce/2007/mfsa2007-15.html http://balsa.gnome.org/download.html http://docs.info.apple.com/article.html?artnum=305530 CERT http://www.us-cert.gov/cas/techalerts/TA07-151A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471842/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/471455/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/471720/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/464569/100/0/threaded http://www.securityfocus.com/archive/1/464477/30/0/threaded BID 23257 APPLE http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Return to the previous page.